ICO’s Call for evidence — Age Appropriate 
Design Code: summary of responses 


Introduction 


In June 2018, the ICO issued a call for views on the Age Appropriate 
Design Code (‘the Code’). Overall, we received 97 responses from a 


variety of stakeholders. Responses from organisations are available to 
read on our website. 


The call for views is one strand of the ICO’s consultation, with research 
commissioned to understand the views of children and their parents 
expected in January 2019. Once we have received the results of this 
research we will consider it alongside the responses to the call for views. 
We will then produce an ICO response to the themes raised. 


Key themes 


A wide variety of general and detailed issues were raised. Whilst it is not 
possible to cover every point that was raised in detail, a number of key 
themes emerged which are summarised below. 


Age brackets and evidence 


Many respondents felt that the suggested age brackets were appropriate 
or very appropriate, with some suggestions of how these could be 
improved or amended (eg to reflect key stages in education). 


Some respondents, particularly those representing the views of ISS, felt 
that the age brackets were not really or at all appropriate. Some of the 
reasons given include that they would require collection of more personal 
data and the implementation of age verification procedures. Concerns 
were raised about how this would fit in with data minimisation standards. 


Potential difficulties in obtaining and verifying parental consent for 
children under 13 were also raised. 


Concerns were also expressed that age brackets will be difficult to 
implement into online services, resulting in the withdrawal of products or 
a lack of child access to certain services. Some respondents also noted 
that use of age brackets may result in five different versions of the Code, 
making it difficult to comply with and administer. 


A key theme that emerged, however, was that design standards shouldn’t 
be based solely on age, as ISS providers need to take into account that 
children develop differently at different rates and don’t fit neatly into 
different age groups. Accordingly, it was felt important to consider other 
factors, such as children’s cognition, social and emotional development, 
disabilities and special educational needs, mental age, etc. In addition, 
many respondents noted that more vulnerable children will require 
additional protections. 


Finally, the importance of the role of parents/carers was noted. 
Particularly, it was suggested that parents/carers are best placed to judge 
the child’s competency. Similarly, it was expressed that parental/carer 
involvement would be beneficial to children’s privacy as they could assist 
the child in adjusting settings or considering privacy information. It was, 
however, noted that not all parents/carers are digitally literate or 
understand the implications of the use of a service on a child’s privacy. 


The United Nations Convention on the Rights of the Child 


Most respondents were positive about applying the Convention to the 
provisions of the Code, with many suggestions about how the Convention 
may apply in this context. 


Most prominently, it was expressed that ISS should act and design 
services ‘in the best interests’ of the child, putting the child’s best 
interests above the commercial interests of the ISS. 


Several respondents commented that although Article 16 - the right to 
privacy — is perhaps the most relevant to the Code, it is still important to 
take into account the other rights in the convention, and to ensure any 
focus on privacy is balanced with them - eg right to information and 
protection from harmful information, right to be heard, etc. The 
implication of this being that overly prescriptive standards and privacy 
settings could affect a child’s other rights under the convention. 


Some noted the Convention’s recognition of a child’s evolving capacity, 
which could be relevant to the design of ISS at different age brackets. 


Aspects of design (meaning, coverage, where the bar should be 
set and challenges) 


e Default privacy settings 


Most respondents felt that default privacy settings should be high and set 
to collect the least data possible. It was also expressed that it should be 
very clear to children where they should go to alter their privacy settings. 
There were conflicting views on whether privacy settings should revert to 
default once the child has navigated away from the page. Whilst some 


believed this was a credible option, others felt that this was taking control 
away from the user. It was also expressed that reverting to default 
settings every time results in a poor user experience. 


Another theme that emerged was that if service or software is updated, 
the default settings should not be altered to be less restrictive. Others 
commented that there may be an appetite for standardised privacy 
settings, allowing children to easily recognise where to locate and how to 
adjust settings. 


Finally, a number of respondents noted that high privacy settings 
shouldn’t unnecessarily restrict or block children from using a service. 
Neither should the design of the service encourage children to lower their 
privacy settings when it wouldn't be in their best interests. 


e Data minimisation standards 


There was a consensus amongst respondents that an ISS should only 
collect and process the minimum personal data necessary for the 
operation of the service, particularly where collecting children’s personal 
data. In addition, respondents felt that the ISS must show reasonable 
justification for the collection and processing of all personal data. 


Other suggestions made by respondents include higher data minimisation 
standards for the youngest users; for processing of personal data to cease 
as soon as the child exits the service; and that personal data should be 
deleted when the child has finished using the service. Linked to this, it 
was suggested that there should be expiry standards, data caps and time 
limits and that children should be given frequent opportunities to delete 
their personal data. 


Several respondents raised concerns about the effect on data 
minimisation if the proposed age brackets were implemented. It was felt 
that age brackets may require the implementation of age verification and 
parental consent mechanisms, resulting in ISS collected more personal 
data to verify the child’s age and/or parental consent. 


e Presentation and language of terms and conditions and privacy 
notices 


Respondents considered that this aspect should cover the wording, 
phrasing, length, format, etc of terms and conditions and privacy notices. 
Respondents noted the challenges of providing privacy information and 
ensuring that it is read and properly understood by young children. Many 
highlighted research/studies which show that many people do not read 
privacy information. One respondent felt there is too much emphasis on 
privacy information as it relied upon the child being capable of reading 
them (or having a parent/carer who is). 


The prominent theme was that the presentation and language of terms 
and conditions and privacy notices need to be appropriate for the age of 
the user. This included using plain, simple and concise language and 
presenting it in an accessible way. It was suggested that ISS should be 
encouraged to use child-friendly methods such as audio and video, as well 
as using images and bigger font sizes. 


As with default privacy settings, some respondents felt that children 
should not be restricted from using a service if they refused to accept the 
terms and conditions. It was noted by some that terms and conditions 
form part of legally enforceable agreements and cannot be oversimplified 
or else they will lose meaning. 


Finally, some respondents expressed concern that the code should not 
prescribe specific methods or limit the way privacy information is 
provided. It was argued that a requirement to use certain methods may 
be too costly for smaller organisations, meaning they cannot operate in 
the market. Similarly, restricting the way privacy information is provided 
may prevent organisations from going above and beyond to provide 
information in new and innovative ways. 


e Uses of geolocation technology 


Respondents suggested that this should cover any information including 
location, time, duration and traffic information relating to an individual’s 
use of a device. It was suggested that the definition of geolocation be 
clearly set out in the Code to avoid limiting tracking, for example, for 
anti-fraud purposes. 


The majority of respondents felt that geolocation should be turned off by 
default unless critical to the service offered. Again, it was suggested that 
this default should not revert after a software update, etc. In addition, 
there was support for the idea that geolocation data should only be used 
whilst the app/service is in use and there should be a clear indicator to 
remind the user this data is being processed. Furthermore, it was felt that 
the user experience should not be downgraded for children who chose not 
to allow location tracking. 


Others considered that geolocation should not be offered to children 
under a certain age, although there were differing views on where this 
age should be set. 


e Automated and semi-automated profiling 


It was suggested that profiling should be clearly defined within the Code, 
including distinguishing between ‘good’ and ‘bad’ profiling. 


Some respondents believed that automated/semi-automated profiling is 
inappropriate for children and therefore should not take place, unless it 
can be demonstrated to be in child's best interest. 


Some felt that a Data Protection Impact Assessment (DPIA) should be a 
prerequisite before any profiling of children takes place. It was also 
important to some respondents that children (or their parents/carers) 
were able to understand the basis of the profiling before it takes place, 
express a view on the results and contest the accuracy. 


e Transparency of paid-for activity such as product placement and 
marketing 


Respondents tended to agree in this area that paid for activity should be 
overt and transparent so it should be clear to children. There was strong 
feeling that children’s data should not be used for commercial 
purposes/exploitation, or processed for behavioural advertising. 


It was suggested that this area may be challenging for the Code to cover 
as it crosses into the remit of the Advertising Standards Authority. 


e Sharing and resale of data 


It was noted that the Code should define and distinguish between these 
two areas. ‘Sharing’ was taken to cover both internal sharing and sharing 
with external third parties. 


Generally, it was felt that the sharing/sale of children’s personal data 
should be strictly controlled or limited. Any sharing should be transparent, 
with the ability to track who the data has been shared to. Where consent 
is given to share data, it was expressed that this should not be considered 
unlimited by the ISS. 


Linked with the default privacy settings, it was suggested that ISS should 
not automatically opt children in to sharing of their data by default, nor 
should opting in be a condition of the service. The concern for many was 
that commercial interests should not override what is in the best interests 
of the child. 


In contrast to the standards ISS should adhere to when deciding whether 
to share children’s personal data, some respondents also considered the 
ability of children themselves to share their personal data. This links in 
with privacy settings, in that younger children perhaps should be more 
restricted in what they can share, with a greater element of control to 
share as they get older, with warnings or messages about the potential 
risks/consequences of sharing given by the ISS at the point they wish to 
change settings to enable sharing, or when posting content. 


e Strategies used to encourage extended user engagement 


The main themes arising from respondents was that this practice should 
be limited, made appropriate to the age of the child, and clearly 
identified. Respondents suggested it should cover features designed to 
extend user engagement (so-called ‘sticky’ features’), and factors such as 
wording used by ISS, forced actions, the ease of changing privacy and 
other settings, rewarding children for using a service, as well as 
notifications, autoplay and infinite scroll features. 


Much of the concern was around the negative aspects of compulsive or 
persuasive design, leading children to spend more time online and 
consequently to provide more personal data. A particular issue noted was 
that many children struggle to manage their time online and are more 
susceptible to these features. Some respondents thought that strategies 
to encourage extended user engagement should be clearly identified and 
rated, linking in with the suggestion of establishing a labelling or rating 
system for privacy. This would contribute to an ISS’s overall privacy 
rating, allowing users to make more informed decisions about using the 
service. 


Others thought that persuasive design features should be removed due to 
their perceived negative aspects, whereas others considered that 
implementing measures to mitigate against them may be more effective. 
For example, some respondents suggested that notifications about a 
child’s use/time spent on an ISS may be more effective than imposing 
time restrictions. They also wanted best practice guidance on persuasive 
design on children, including where extended use could be harmful, and 
where such designs can be acceptable and age-appropriate. 


Also, aS a counterpoint to banning persuasive design outright, one view 
was that ISS should be free to develop fun and engaging content, so long 
as this is transparent and within the law. 


e User reporting and resolution processes and systems 


Most respondents agreed that the reporting and resolution processes for 
children should be easy to use and responsive to their needs. This may 
include adding reporting buttons to content/posts, or otherwise clearly 
signposting reporting mechanisms. In addition, including human support 
as part of the process, or allowing children to take their own action (such 
as ‘un-tagging’ pictures of themselves) was felt beneficial. 


It was also felt important to include the ability to track the progress of a 
complaint, and establishing a timescale to address it, with the ISS having 
to give reasons if it rejects or refuses to investigate a complaint, and 
having to signpost an appeal route or how the child can then exercise 
their rights. Some suggested that there should be a universal reporting 
standard, so the process is familiar to all children and therefore easier to 
exercise. 


One other suggestion was to introduce the grading of complaints by 
urgency, based on the child’s perspective. For smaller businesses, some 
felt it was important not to force costly solutions on businesses, in order 
to maintain a level playing field. 


It was noted that introducing specific processes for children to report 
concerns may create the additional challenge of requiring age verification 
procedures. 


e Ability to understand and activate a child’s right to erasure, 
rectification and restriction 


Like with user reporting and resolution systems, respondents considered 
it would be beneficial for ISS to develop standardised tools to allow 
children to exercise their rights in a simple and straightforward manner. 
Again, making the process easily accessible and responsive is seen as 
key. Some consider that ISS should be compelled to incorporate the 
activation of rights into the design of their services. 


A presumption in favour of accepting a child’s request to exercise their 
rights was also promoted, although some felt this would undermine the 
legal requirements of the right and risk data being erased which is 
necessary. Particular focus was made by some respondents on the 
importance of the right to erasure - this was in the context of issues 
around so-called ‘sharenting’ or where children are the victims of bullying 
and sexual exploitation, and the general concern about children posting 
information when they may not fully realise the consequences. 


A number of respondents advocated the implementation by government 
of Article 80(2) of the GDPR, feeling this would increase protection by 
allowing other bodies to be proactive pursue matters on behalf of 
children. 


Another respondent made the point that the principles of 
activating/exercising rights should be consistent to both adults and 


children and that business should be allowed to work out best way to 
deliver information about exercising rights. 


e Ability to access advice from independent, specialist advocates on 
all data rights 


As a continuation of the general theme of making processes and systems 
easy for children to use, respondents were in favour of ISS enabling 
children to access help and advice and making the process easy and 
responsive. 


General themes and comments 


A point that was raised by a number of respondents was the importance 
of including the input of children themselves into the process of 
developing design standards and the design of ISS. 


A number of respondents wanted clarification/explanation of any terms 
used in the code and to make them as plain English as possible 


Another theme that came out of the submissions was that changing or 
setting the standards of design as detailed above would shift the 
responsibility for ensuring the privacy of children from the children 
themselves and their parents, to ISS, where children can’t be expected to 
bear the burden of ensuring their own privacy, which can be a complex 
area. 


A theme by some respondents was the introduction of a traffic light or 
labelling systems for different aspects of design of ISS, in order to make 
it easier for children and their parents to determine the privacy standards 
of any given ISS. 


Again, the idea that children’s ‘best interests’ should be the focus in all 
aspects of design was a common theme. Similarly, making ISS be 
required to carry out a ‘childhood’ DPIA to cover the different aspects of 
design was recommended. 


Noting the overlap with other industry standards and indeed other pieces 
of data protection guidance, a number of respondents wanted to see 
various other codes and guidance incorporated into the Code to place 
them on a ‘statutory footing’. 


Many respondents were supportive of the proposals of 5Rights in 
response to the call for evidence, or at least elements of its submission. 


A number of respondents noted that to be successful, the Code would 
need to be influential internationally, given that not all ISS will be UK- 
based. 


Additional standards 


Some respondents suggested age verification itself should be subject to a 
design standard. They also considered ISS should be required to carry out 
DPIAs focussed on children’s interests and issues as standard. Indeed, 
some extended this to including children in any design process. 


Certification of ISS was also suggested by some. 


One respondent in particular considered that there should be an 
overarching duty of care employed by ISS that they be held to. Linked to 
this could be the incorporation of the precautionary principle, which it was 
felt would be a more suitable approach to setting standards given the fast 
pace of technological change. 


Challenges and opportunities 
Challenges: 


e Many respondents felt that age verification and obtaining parental 
consent would be a significant challenge. Either process would 
require the collection of more personal data and may be bypassed. 

e Getting ISS to implement design by age brackets would require a 
redesign of existing services which, alongside developing multiple 
versions of new platforms, could be costly. 

e Respondents felt that it would be a challenge to use existing child 
development evidence to make design standards appropriate for 
each age group. They noted the difficulty in ensuring they do not 
hinder children’s development online and allow them to evolve as 
individuals. 

e The international nature of ISS was noted as an additional challenge 
particularly as the Code will be developed from UK law. There were 
more general concerns about monitoring compliance. 

e There was concern that if the Code was too prescriptive, it could be 
costly (by forcing particular solutions) and discourage innovation in 
products (by restricting the collection of personal data, or by setting 
limits in what an ISS can and can’t do) and potentially disadvantage 
SMEs. 


e The fact that technology evolves so quickly was noted as a 
challenge, being too prescriptive or having specific technical 
standards could render the code outdated quickly. It was suggested 
that the Code would work better if it was principle based/flexible, 
allowing for the development of new technology. 

e There was a view that setting some of the standards (where to draw 
the line — or even if saying something must be done in a child’s 
‘pest interests’ - and what are the definitions) can be challenging. 

e Many respondents felt it can be a challenge providing privacy 
information to children (and to a lesser extent, to parents). 


Opportunities: 


e An opportunity to reshape the online experience for children - 
protecting their privacy, changing expectations and norms. 

e Many respondents noted the opportunity to raise awareness of 
privacy issues with children and their parents/carers and to educate 
them. 


Examples of good ISS design 


Most responses to this question provided either examples of ISS that 
respondents considered of a good design, or what they considered would 
be good design (the latter mirroring in many instances the standards 
discussed above). Of the existing ISS, it’s notable that the vast majority 
of these were services already aimed specifically at children as their 
intended audience/user base. 


